What do you think? Leave a respectful comment.

‘One hack after the next’: After Home Depot breach, why can’t hackers be stopped?

After hackers stole customer data from the Home Depot weeks ago, questions remain as to why retail stores haven't been more successful at protecting their systems from cyber theft. For more on this, Mike Riley, a reporter with Bloomberg, joins Hari Sreenivasan in New York City.

Read the Full Transcript


    Turning now to yet another major security breach at one of America's largest retailers — this time, at Home Depot. What went wrong? And why can't hackers be stopped?

    For more, we are joined now by Mike Riley. He is a reporter with Bloomberg. So, we've heard reports about this hack weeks ago – what happened at Home Depot?


    So, it wasn't different than what happened at Target. Basically the hackers got into the network, and were able to use Home Depot's own system to put malware on each of the registers.

    So basically when you went to Home Depot, swiped the card, they were stealing the card almost as quickly as Home Depot was getting it.


    After seeing what happened to Target, I mean, this is a company that almost has $80 billion of revenue, 2,000 plus stores in the U.S. — didn't they learn from it?


    Yeah, I mean, that's the thing. It's one thing to be Target and watch this relatively kind of new attack; it's another thing to be Home Depot, watch Target get taking down, watch them lose 40,000 credit cards, not learn or at least not learn enough to act quickly so that doesn't happen to you.

    And I — retails generally don't have great security, and Home Depot did seem to take the steps quickly anyway. In one case, they, they bought an encryption system to encrypt the data from the register, so even if the hackers had stolen it, but they just didn't install it until about six, seven days ago.


    Well, compared this to the rest of the world, we don't necessarily hear about these hacking things happen, let's say, in Europe or Asia nearly as much.


    Yeah, the differences that Europe and Asia just about any advance economy use a credit card with a chip in it. The funny thing about the chip — it doesn't make it harder to steal the data, it makes hard, harder to make money from the data.

    Basically, what the chip in the card does — what the ecosystem works is you steal the credit card, you sell them to people, they buy the card, create the fake card, going to Best Buy to buy a giant TV, whatever it is.

    But it's much harder to, to create a fake card if it's got a chip in it. So, anything that's got a chip on it just makes it harder for thieves to make the money off the data.


    So, this is also a climate, where the consumers are getting a little fed up. Just saying, where did my credit card get used and what was that store that got hacked and how do I keep track of all this.


    It's just one hack after the next. I think it's, it's, I mean, I think one of the things I saw in Target is it was Christmas season hack and customers stopped going to the store.

    Now I don't know if that's gonna happen to Home Depot, maybe that the… they handle it differently, maybe that, that it's just a different kind of customer. But I think generally retail brands are taking hits because they, they're not protecting consumers' data.

    They basically, something that…. you walk in to store, you buy something, you expect the store to protect your data — that clearly isn't happening.


    Now this also seems to be we are in a, a different point of the evolution of how we transact business. I mean, credit cards kinda came around, say "hey, it's so much more secure than walking around with a big buzz of cash," and now the cards seem to be getting replaced by our phones, with NFC and other technology, maybe the Apple Pay thing.

    I mean, how quickly is the U.S. kind of moving towards the digital currencies or maybe even just putting those chips in the cards.


    So, next year basically, the U.S. is scheduled to start to catch up with the rest of the world, and transition into, basically, a chip system in their credit cards.

    The banks and the retailers have gotten together and said, look, we're gonna set October next year, 2015, as the deadline where the liability will shift whichever side of the, the equation doesn't allow the chip transaction.

    So if the retailers don't have the readers in their stores that can read the chips and they get hacked, liability is on them; if banks don't put chips in their cards and retailers get hacked, the liability is on them. It's.. It's gonna quit a lot of incentives to shift over, uh, and that could explain what is going on now.

    There seems to be kind of Feeding Frenze. You're seeing a lot of retail hacks — might be that they see this as their last opportunity before the transition starts in the place.


    And in the process, you've got the people that are victims of identity theft, which is kind of the worse case, not just the credit card lost.


    Right. It's not the… the credit card numbers are not the only data these guys are stealing. In the case of Target, for example, they take a lot of personal data as well: names. addresses, a lot of things these retailers store up.

    Target is really good at targeting specific kinds of sales and merchandising as to their customers, but all that is based on a huge amount of data they collect from their customers as they move around the stores, as they swipe their cards, as they send them stuff.

    You know, all of that is in their databases, so the hackers can, even if they can't get the cards, they can steal that.


    Alright, Michael Riley at Bloomberg. Thanks so much.

Listen to this Segment